GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
280 advisories
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Django Denial-of-service by filling session store
High
CVE-2015-5143
was published
for
Django
(pip)
Jul 5, 2019
Command Injection in Xstream
Critical
CVE-2013-7285
was published
for
com.thoughtworks.xstream:xstream
(Maven)
May 29, 2019
Apache Commons Compress vulnerable to denial of service due to infinite loop
Moderate
CVE-2018-1324
was published
for
com.liferay:com.liferay.portal.tools.bundle.support
(Maven)
Mar 14, 2019
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Low
CVE-2019-3772
was published
for
org.springframework.integration:spring-integration-ws
(Maven)
Jan 25, 2019
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
Django vulnerable to XSS on 500 pages
Moderate
CVE-2017-12794
was published
for
Django
(pip)
Jan 4, 2019
Commons FileUpload Denial of service vulnerability
High
CVE-2014-0050
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Path Traversal in Hadoop
High
CVE-2018-8009
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability
High
CVE-2018-17194
was published
for
org.apache.nifi:nifi-framework-cluster
(Maven)
Dec 20, 2018
Improper Restriction of Rendered UI Layers or Frames in Apache nifif
Moderate
CVE-2018-17192
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
Improper Restriction of XML External Entity Reference in pippo-core
Critical
CVE-2018-20059
was published
for
ro.pippo:pippo-core
(Maven)
Dec 19, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Low
CVE-2018-1284
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Certificate Validation in proton-j
High
CVE-2018-17187
was published
for
org.apache.qpid:proton-j
(Maven)
Nov 21, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Moderate
CVE-2018-1322
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Deserialization of Untrusted Data in Pippo
Critical
CVE-2018-18628
was published
for
ro.pippo:pippo-core
(Maven)
Oct 24, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Path traversal in org.springframework.integration:spring-integration-zip
Moderate
CVE-2018-1261
was published
for
org.springframework.integration:spring-integration-zip
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API